ldap-matter/Demo/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
  server_names_hash_bucket_size  128;
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log  /var/log/nginx/access.log  main;

  sendfile            on;
  tcp_nopush          on;
  tcp_nodelay         on;
  keepalive_timeout   65;
  types_hash_max_size 2048;

  include             /etc/nginx/mime.types;
  default_type        application/octet-stream;

  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

  upstream mm-svc {
    server mattermost:8065;
  }

  server {
    listen   *:80;
    server_name  localhost;
    root         /var/www/html;
    index index.php index.html index.htm;

    #ssl on;
    #ssl_certificate     <path to cert>;
    #ssl_certificate_key <path to key>;

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

    location ~ /api/v[0-9]+/(users/)?websocket$ {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      client_max_body_size 50M;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;
      proxy_buffers 256 16k;
      proxy_buffer_size 16k;
      proxy_read_timeout 600s;
      proxy_pass http://mm-svc;
    }

    location /oauth/gitlab/ {
      client_max_body_size 50M;
      proxy_set_header Connection "";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;
      proxy_buffers 256 16k;
      proxy_buffer_size 16k;
      proxy_read_timeout 600s;
      proxy_cache mattermost_cache;
      proxy_cache_revalidate on;
      proxy_cache_min_uses 2;
      proxy_cache_use_stale timeout;
      proxy_cache_lock on;
      proxy_pass http://mm-svc;
    }

    location /oauth/access_token {
      try_files $uri  /oauth/index.php;
    }

    location /oauth/authorize {
      try_files $uri /oauth/authorize.php$is_args$args;
    }

    location ~ /oauth/.*\.php$ {
      try_files $uri =404;
      fastcgi_pass php:9000;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
    }

    location /oauth/ {
      try_files $uri $uri/ =404;
    }

    location / {
      sub_filter 'GitLab' 'MyAuth';
      sub_filter_types *;
      client_max_body_size 50M;
      proxy_set_header Connection "";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;
      proxy_buffers 256 16k;
      proxy_buffer_size 16k;
      proxy_read_timeout 600s;
      proxy_cache mattermost_cache;
      proxy_cache_revalidate on;
      proxy_cache_min_uses 2;
      proxy_cache_use_stale timeout;
      proxy_cache_lock on;
      proxy_pass http://mm-svc;
    }

  }

# Uncomment following lines if you use HTTPS. These lines allows redirect to HTTPS.
# You need to change listennig port of the previous server block and to configure SSL certificates.

 #server {
 #  listen       80 default_server;
 #  server_name  localhost;
 #  root         /usr/share/nginx/html;
 #  index index.php index.html index.htm;
 #  return 301 https://$host$request_uri;

 # }
}
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`# For more information on configuration, see:`
			`# * Official English Documentation: http://nginx.org/en/docs/`

			`user nginx;`
			`worker_processes auto;`
			`error_log /var/log/nginx/error.log;`
			`pid /run/nginx.pid;`

			`# Load dynamic modules. See /usr/share/nginx/README.dynamic.`
			`include /usr/share/nginx/modules/*.conf;`

			`events {`
			`worker_connections 1024;`
			`}`

			`http {`
			`server_names_hash_bucket_size 128;`
			`log_format main '$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for"';`
			`access_log /var/log/nginx/access.log main;`

			`sendfile on;`
			`tcp_nopush on;`
			`tcp_nodelay on;`
			`keepalive_timeout 65;`
			`types_hash_max_size 2048;`

			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`

			`proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;`

Replace localhost with DNS entries in docker-compose - fix #91 2022-04-01 05:02:49 +08:00			`upstream mm-svc {`
			`server mattermost:8065;`
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`}`

			`server {`
			`listen *:80;`
			`server_name localhost;`
			`root /var/www/html;`
			`index index.php index.html index.htm;`

			`#ssl on;`
			`#ssl_certificate <path to cert>;`
			`#ssl_certificate_key <path to key>;`

			`error_page 404 /404.html;`
			`location = /40x.html {`
			`}`

			`error_page 500 502 503 504 /50x.html;`
			`location = /50x.html {`
			`}`

			`location ~ /api/v[0-9]+/(users/)?websocket$ {`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`client_max_body_size 50M;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Frame-Options SAMEORIGIN;`
			`proxy_buffers 256 16k;`
			`proxy_buffer_size 16k;`
			`proxy_read_timeout 600s;`
Replace localhost with DNS entries in docker-compose - fix #91 2022-04-01 05:02:49 +08:00			`proxy_pass http://mm-svc;`
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`}`

			`location /oauth/gitlab/ {`
			`client_max_body_size 50M;`
			`proxy_set_header Connection "";`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Frame-Options SAMEORIGIN;`
			`proxy_buffers 256 16k;`
			`proxy_buffer_size 16k;`
			`proxy_read_timeout 600s;`
			`proxy_cache mattermost_cache;`
			`proxy_cache_revalidate on;`
			`proxy_cache_min_uses 2;`
			`proxy_cache_use_stale timeout;`
			`proxy_cache_lock on;`
Replace localhost with DNS entries in docker-compose - fix #91 2022-04-01 05:02:49 +08:00			`proxy_pass http://mm-svc;`
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`}`

Patch demo for Mattermost Desktop >= 4.7 (#80) 2021-11-24 23:29:28 +08:00			`location /oauth/access_token {`
			`try_files $uri /oauth/index.php;`
			`}`

			`location /oauth/authorize {`
			`try_files $uri /oauth/authorize.php$is_args$args;`
			`}`

Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`location ~ /oauth/.*\.php$ {`
			`try_files $uri =404;`
			`fastcgi_pass php:9000;`
			`fastcgi_index index.php;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`include fastcgi_params;`
			`}`

			`location /oauth/ {`
			`try_files $uri $uri/ =404;`
			`}`

			`location / {`
			`sub_filter 'GitLab' 'MyAuth';`
			`sub_filter_types *;`
			`client_max_body_size 50M;`
			`proxy_set_header Connection "";`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Frame-Options SAMEORIGIN;`
			`proxy_buffers 256 16k;`
			`proxy_buffer_size 16k;`
			`proxy_read_timeout 600s;`
			`proxy_cache mattermost_cache;`
			`proxy_cache_revalidate on;`
			`proxy_cache_min_uses 2;`
			`proxy_cache_use_stale timeout;`
			`proxy_cache_lock on;`
Replace localhost with DNS entries in docker-compose - fix #91 2022-04-01 05:02:49 +08:00			`proxy_pass http://mm-svc;`
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`}`

			`}`

			`# Uncomment following lines if you use HTTPS. These lines allows redirect to HTTPS.`
			`# You need to change listennig port of the previous server block and to configure SSL certificates.`

			`#server {`
			`# listen 80 default_server;`
			`# server_name localhost;`
			`# root /usr/share/nginx/html;`
			`# index index.php index.html index.htm;`
			`# return 301 https://$host$request_uri;`

			`# }`
			`}`